diff options
| author | deraadt <> | 2014-07-12 17:35:23 +0000 | 
|---|---|---|
| committer | deraadt <> | 2014-07-12 17:35:23 +0000 | 
| commit | 6e1dadc60b9caa0731d1a0df7bf493ef73d4a1f4 (patch) | |
| tree | 695dff78e55b81f5d4b089316b42b258953e46d4 | |
| parent | 2608a374bc0d5bdbb8fff6d0477adf58542ee1e8 (diff) | |
| download | openbsd-6e1dadc60b9caa0731d1a0df7bf493ef73d4a1f4.tar.gz openbsd-6e1dadc60b9caa0731d1a0df7bf493ef73d4a1f4.tar.bz2 openbsd-6e1dadc60b9caa0731d1a0df7bf493ef73d4a1f4.zip | |
jsing and I are investigating removal of all? most? 'getenv from library'
instances.  This one for OPENSSL_ALLOW_PROXY_CERTS gets turned off first,
especially since it had this special comment:
/* A hack to keep people who don't want to modify their software happy */
ok beck jsing
| -rw-r--r-- | src/lib/libcrypto/x509/x509_vfy.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/x509/x509_vfy.c | 4 | 
2 files changed, 6 insertions, 2 deletions
| diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c index d894facd47..0b0a2c56d2 100644 --- a/src/lib/libcrypto/x509/x509_vfy.c +++ b/src/lib/libcrypto/x509/x509_vfy.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_vfy.c,v 1.35 2014/07/12 14:58:32 miod Exp $ */ | 1 | /* $OpenBSD: x509_vfy.c,v 1.36 2014/07/12 17:35:23 deraadt Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -491,10 +491,12 @@ check_chain_extensions(X509_STORE_CTX *ctx) | |||
| 491 | } else { | 491 | } else { | 
| 492 | allow_proxy_certs = | 492 | allow_proxy_certs = | 
| 493 | !!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS); | 493 | !!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS); | 
| 494 | #if 0 | ||
| 494 | /* A hack to keep people who don't want to modify their | 495 | /* A hack to keep people who don't want to modify their | 
| 495 | software happy */ | 496 | software happy */ | 
| 496 | if (issetugid() == 0 && getenv("OPENSSL_ALLOW_PROXY_CERTS")) | 497 | if (issetugid() == 0 && getenv("OPENSSL_ALLOW_PROXY_CERTS")) | 
| 497 | allow_proxy_certs = 1; | 498 | allow_proxy_certs = 1; | 
| 499 | #endif | ||
| 498 | purpose = ctx->param->purpose; | 500 | purpose = ctx->param->purpose; | 
| 499 | } | 501 | } | 
| 500 | 502 | ||
| diff --git a/src/lib/libssl/src/crypto/x509/x509_vfy.c b/src/lib/libssl/src/crypto/x509/x509_vfy.c index d894facd47..0b0a2c56d2 100644 --- a/src/lib/libssl/src/crypto/x509/x509_vfy.c +++ b/src/lib/libssl/src/crypto/x509/x509_vfy.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_vfy.c,v 1.35 2014/07/12 14:58:32 miod Exp $ */ | 1 | /* $OpenBSD: x509_vfy.c,v 1.36 2014/07/12 17:35:23 deraadt Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -491,10 +491,12 @@ check_chain_extensions(X509_STORE_CTX *ctx) | |||
| 491 | } else { | 491 | } else { | 
| 492 | allow_proxy_certs = | 492 | allow_proxy_certs = | 
| 493 | !!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS); | 493 | !!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS); | 
| 494 | #if 0 | ||
| 494 | /* A hack to keep people who don't want to modify their | 495 | /* A hack to keep people who don't want to modify their | 
| 495 | software happy */ | 496 | software happy */ | 
| 496 | if (issetugid() == 0 && getenv("OPENSSL_ALLOW_PROXY_CERTS")) | 497 | if (issetugid() == 0 && getenv("OPENSSL_ALLOW_PROXY_CERTS")) | 
| 497 | allow_proxy_certs = 1; | 498 | allow_proxy_certs = 1; | 
| 499 | #endif | ||
| 498 | purpose = ctx->param->purpose; | 500 | purpose = ctx->param->purpose; | 
| 499 | } | 501 | } | 
| 500 | 502 | ||
